🚨 High-severity security fix in [email protected] just released!
Patches CVE-2026-9675. undici WebSocket client vulnerable to denial of service via cumulative fragment bypass.
github.com/nodejs/undic...
## Impact
The undici WebSocket client enforces `maxPayloadSize` per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream ma...
